This article is also available in:
Deutsch: Europäische Kommission will staatliche Kontrolle des Internets ausbau...
The European Commission (EC) Information Society and Media Directorate-General have recently drawn up a series of six policy papers intended to increase government control over the Internet.
The policies have in view measures that include governmental control over the domain names that can be registered, the veto power of governments over new Internet domain names, significant structural changes at the level of ICANN (Internet Corporation for Assigned Names and Numbers), an obligation of the organisation to follow governments' advice (except for cases considered illegal or damaging to the Internet stability) and the creation of two bodies that would oversee ICANN decision-making and finances.
The measures brought forth by the new policies would provide governments with de facto control over the Internet's naming systems and would end up the independent and autonomous approach of the Internet's domain name system. The new suggestion seems a logical consequence of the position of the head of European Comisson's Audiovisual, Media and Internet Directorate - Gerard de Graaf - at an ICANN meeting in Singapore in June 2011.
The recent EC papers come to argue for increased government control and foresee the shift in power toward governments within the next 12 months. According to the new policies, the governments are notified about the applications received and are to indicate which TLDs might raise "public policy concerns." This actually means that governments can try to block or censor any content or applicant that they want, by using the "public policy concerns" argument. The Governmental Advisory Committee (GAC) will be able to raise formal objections later in the process.
GAC, which presently has no legal authority, will soon become a legislator that can create a list of words that no Internet user in the world can register, as proposed by the EC papers. GAC members (should be able to) request the reservation or blocking of domain names at the second level under new gTLDs. It should do this by constructing a censorship list, which it calls a "reference list for all new gTLD operators to use and ICANN" say the EC documents.
Milton Mueller from IGP (Internet Governance Project) explains that the fate of the new registries and new domain names should be determined by users and consumers, and not by a central planning authority dominated by governments and special interest groups. "The new TLD program is also important because domain names are a form of expression on the Internet. Any policy that regulates the creation or operation of new domains based on their meaning or the content underneath them is, de facto, a form of globalized content regulation. Thus, even people who think domain names are not that important need to pay attention to what happens in this space, especially now that domain take-downs are becoming an increasingly common form of state intervention."
EC's second paper is damaging for the freedom of expression by introducing huge, unnecessary economic barriers to entry. What it proposes is to subordinate the Internet community's self-governance to a hierarchical control by the state, replacing ICANN's gTLD policy with a new one that will allow governments through GAC, to take complete control over what new top level domain names are allowed to exist.
These EC papers were developed not under public consultancy, but secretly, thus lacking in democratic legitimacy. The plans are to formally raise or even implement the proposed measures by the end of this year, in particular at ICANN's meeting in Senegal in October.
The second EC ICANN Paper: How low can they go? (4.09.2011)
European Commission calls for greater government control over Internet
Analysis: EC policy papers on ICANN (31.08.2011)
ICANN - informal background paper - New gTLD process (1.09.2011)
Payback time: The European Commission papers on ICANN (2.09.2011)
This article is also available in:
Deutsch: Schweden hält Umsetzung der VDS-Richtlinie für überflüssig
On 5 September 2011, the Swedish government responded to the European Court of Justice after the Commission referred Sweden to the Court for failing to transpose the Directive on Data Retention (2006/24/EC).
Sweden's main argument is that it is unnecessary to transpose the Data Retention Directive, considering the practical effects of existing Swedish legislation. This implicitly means that transposition would be contrary to the European Convention on Human Rights and the Charter of Fundamental Rights, both of which require restrictions on fundamental rights to be necessary and proportional.
The Directive on Data Retention 2006/24/EC was adopted in 2006 and the Member States had until 15 September 2007 to transpose it into the national law, and until 15 March 2009 to implement the retention of communications data relating to Internet services. The Directive concerns the storage of traffic and location data resulting from electronic communications. Traffic and location data retained by Internet service providers and phone companies will be made available only to national law enforcement authorities in specific cases and in accordance with the national law. However, retention periods, purpose limitation and access requirement vary vastly across the EU.
The European Court of Justice found that Sweden failed to fulfil its obligations to implement the Data Retention Directive in its national legislation on 4 February 2010. Despite this first ruling, Sweden still has not transposed the Directive 2006/24/EC. In the absence of a precise timetable for the transposition of the Directive, the Commission decided to send a letter of formal notice to Sweden in June last year. The Commission asked Sweden for details on the measures Sweden planned to implement the Directive and comply with the Court's decision.
Sweden informed the Commission on 21 January 2011 that draft legislation had been submitted to its Parliament in order to transpose the Directive. The legislation was to be adopted in mid-March. However, the Parliament deferred the vote on the draft legislation implementing the Directive on Data Retention for a year, due to the opposition from a minority of parliamentarians. They used a constitutional rule allowing one-sixth of the MPs to suspend the adoption of a proposed legislation.
Following this suspension of the legislative process, the European Commission swiftly referred Sweden for a second time to the European Court of Justice, requesting it to impose financial penalties (Case C-270/11). The Commission asked the Court to impose a daily penalty of 40 947 Euros/day after the second ruling and a lump sum of 9 597 Euros/day for each day between the first and the second ruling. The ECJ will have to determine the level of sanctions and if it will take the form of a penalty and/or a lump sum.
In its response to the ECJ, Sweden argues that the penalties are disproportionate considering firstly the fact that Sweden does not often fail to fulfil its implementation obligations regarding European directives and secondly that some other Member States likewise fail to implement the Directive without being penalised by any financial penalties.
The Swedish government also indicated that since the first ruling, it has taken all procedurally possible measures to implement the Directive. The delay is due to political and legal matters with regards to the sensitive subjects the Directive is dealing with, such as the right to privacy and those debates are delaying the legislative process. It further points out that this controversy is not limited to Sweden.
Moreover, according to Sweden, the failure to implement the Directive does not create any barriers for the Single Market. Bearing in mind the Commission's own assertion of the low costs of implementing the Directive (as described in the implementation report), this seems to be difficult for the Commission to deny. According to Sweden, the harmonisation realised by the Directive on Data Retention is only minimal and does not appear to be crucial in achieving competition on the Single Market. In addition, the Directive does not say who finance data retention.
It finally appears that the Swedish Government believes that Directive 2002/58/EC on Privacy and Electronic Communications gives the Member States the ability to adopt legislation covering the field of the Data Retention Directive when necessary and that the 2006 Directive's implementation in Sweden is therefore meaningless. The Swedish government especially underlines that the Swedish crime prevention authorities already have sufficient access to data even without full the implementation of the Directive. Furthermore, the differenceasthe implementations across the EU show the limits of the Data Retention directive and create a lack of harmonisation.
According to Sweden, further implementation of the Data Retention Directive is superfluous and unnecessary. The question remaining now is whether the European Court of Justice will follow the Swedish defence on the "necessity" of implementing the Data Retention Directive and the Directive's failure to achieve the task on which its legal base is built - harmonisation. The Commission now faces an unenviable task - it either forces a sovereign Member State to impose unnecessary (and therefore illegal) restrictions on fundamental rights or it accepts the challenge of finally acknowledges the failure of the Directive and the inevitable battle with the Council that will result from any serious effort to fix the broken legislation.
Data Retention Directive 2006/24/EC (15.03.2006)
Judgement of the Court Case C-185/09 (4.02.2010)
Commission refers Sweden back to Court to transpose EU legislation
European Commission Application (31.05.2011)
Sweden's response to the ECJ - Case C-270/11 - (5.09.2011) (available only
(Contribution by Marie Humeau - EDRi)
This article is also available in:
Deutsch: DigiNotar-Panne führt zu schwerwiegenden Sicherheitsbedenken
A breach in the computer systems of Dutch certificate company Diginotar led to grave concerns regarding the security of internet users in Iran and Dutch government communications. On 2 September 2011, the Dutch government denounced their trust in certificates issued by DigiNotar after the discovery of fraudulent certificates. It advised Dutch citizens not to log in on websites using these certificates, until the certificates are replaced. Meanwhile, there is credible evidence that the confidential communication of hundreds of thousands of Iranians with Gmail has been intercepted.
In June 2011, the servers of DigiNotar were intruded and certificates were fraudulently issued in the weeks after. Although some of these certificates were revoked, DigiNotar kept the breach secret. Only weeks later, following a message posted on a forum by someone from Iran who tried to log in to Gmail and received a warning about a non-authentic DigiNotar certificate for Google, did DigiNotar acknowledge the breach. On 29 August 2011, the Dutch government was notified about the incident.
DigiNotar revoked the rogue Google certificate and asked a Dutch security firm to perform an investigation into the breach. The report of the investigation showed that DigiNotar did not observe basic security measures and hundreds of false certificates were issued on its systems. The rogue Google certificate proved to be in use since 27 July 2011. Active abuse was observed between 4 and 29 August 2011. It is likely that hundreds of thousands of sessions with Google from Iran were intercepted using this certificate.
DigiNotar issues several types of certificates, including PKI-Overheid certificates - typically used by the Dutch government for its websites - and 'simple' certificates. As it could not be excluded that false government certificates were also issued, the Dutch government decided to switch to certificates from other authorities.
The incident with DigiNotar also raises questions about the safety and trustworthiness of the certificate system in general. Worldwide, there are hundreds of companies providing these certificates. Supervision on these companies is limited. They can sell certificates as long as they meet the conditions of the browser manufacturers. There is no guarantee that all of them take adequate measures to prevent and detect breaches. This should be a wake-up call for governments and organisations all over the world to actively start working on better, more robust certification systems.
Message about rogue certificate (28.08.2011)
Letter from the Dutch government about the intrusion at DigiNotar (only
in Dutch, 5.09.2011)
Interim report from Fox-IT about the DigiNotar Certificate Authority breach (5.09.2011)
(Contributed by Marjolein van der Heide - EDRi-member Bits of Freedom - Netherlands)
This article is also available in:
Deutsch: Verhaltensorientierte Online-Werbung: EU-Datenschützer weiterhin unzu...
In a letter sent to IAB Europe and European Advertising Standards Alliance (EASA), Article 29 Working Party (WP) made some observations regarding the self-regulatory framework for online behavioural advertising.
The self-regulatory code, established in April 2011 by IAB Europe and EASA, imposes the display of an icon on the companies' websites that tells users that the adverts track their online activity. By using the icon, users may manage information preferences or stop receiving behavioural advertising.
The code also says that operators must give users access to an easy method to turn off cookies and must inform users that they collect data on them for behavioural advertising and give details on the advertisers they provide the respective data. They also have to publish details of how they collect and use the data, including whether personal or sensitive personal data is involved.
However, Article 29 WP has shown in its letter that it did not consider these measures enough to comply with the EU's e-Privacy Directive which provides in its new form that storing and accessing information on users' computers is only lawful "on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information about the purposes of the processing".
The Directive establishes an exception where the cookie is "strictly necessary" for the provision of a service "explicitly requested" by the user.
"The mechanisms proposed by the EASA/IAB Code enable people to object to being tracked for the purposes of serving behavioural advertising. However, tracking and serving ads takes place unless people exercise the objection," said Jacob Kohnstamm, chairman of the Working Party, in the letter. The WP believes the advertising icon used by companies that signed up to the online behavioural advertising code did not actually provide users with "the legally required information allowing them to make informed choices about cookie tracking."
In Article 29 WP's opinion, the text of the code is rather confusing and insufficiently clear which could lead to some users thinking "tracking has no privacy implications for them". Kohnstamm says in the letter that the information made available through clicking the icon should be more accessible and be directly visible.
Ad network providers should "provide the necessary information before the cookie is sent and rely on users' actions ... to signify their agreement to receive the cookie and to be tracked". Valid consent can be received by the provider by asking users to click a box to "accept" cookie tracking. Each advertising network must also obtain consent from users even when websites work with multiple ad network providers.
By obtaining prior, informed consent from the users, the ad provider no longer needs to ask the user for subsequent access and transmissions of cookies for the same purpose. However, the "opt out" ability should still be available.
Kohnstamm also says that browser settings will not be enough to meet the cookie consent requirements until they automatically reject third-party cookies as default and allow users to take "affirmative action to accept cookies from specific websites for a specific purpose." Browsers must also advise users that the cookies tracking their data are being used by ad network providers, in addition to informing them of what network providers do with the cookies.
In June 2011, EU Commissioner Neelie Kroes told EU companies that they had a year to find methods that achieve the legal standard for gaining consent, as failure to do so would result in the Commission's action toward non-compliant businesses.
Letter from the Article 29 Working Party addressed to Online Behavioural
Advertising (OBA) Industry regarding the self-regulatory Framework
Advertising code not cookie law compliant, data protection watchdogs say
EDRi-gram: Article 29 WP issues opinion on cookies in the new ePrivacy
This article is also available in:
Deutsch: EP-Studie zum "Verbraucherverhalten im digitalen Umfeld"
The European Parliament (EP) has published a study on "Consumer Behaviour in a Digital environment" that it commissioned from London School of Economics (LSE). The study involved a limited stakeholder consultation, which included an extensive exchange of views with EDRi and also looked at existing literature and market developments. The study is part of an ongoing reflection in the EU institutions on how to better achieve an effective single market, particularly in the digital space.
The study identifies the following factors affecting the demand and supply
for illegal content:
2.the rise of the "prosumer" (users as both producers and consumers);
3.the exchange of products and files online between consumers; and
4.large economic incentives for providing what the authors of the study refer to as"illegal content".
The conclusions of the study focus entirely on a positive agenda, seeking to address the source of problems rather than looking at ways of dealing with symptoms. For example, regarding unauthorised use of copyright-protected content, the study proposes the development of innovative pricing and payment systems as well as reforming copyright in a way that would eliminate the inefficiencies that come from the fragmentation of the single market. The authors of the research clearly prioritise positive measures to minimise the causes of the unauthorised activity, rather than negative and defensive measures that would punish consumers without addressing underlying causes.
Similarly, the report conclusions support efforts at improving awareness of consumer protection legislation, enhanced dispute resolution and removal of practical barriers to cross-border trade. The study also discusses the rise of "prosumers", concluding that this development "potentially leads to innovation, creativity and consumer empowerment. However, prosumers cannot fully develop under current legal framework. The copyright exceptions regime and cross-border licensing problems are singled out as current challenges".
While generally being a very positive and well-thought out piece of research, the main negative point in the report is the repeated conflation of "illegal content" with "illegal use of content," which, legally, practically and societally are entirely different problems.
Finally, the research team identifies the following challenges faced by copyright law with regard to illegal access to content ("illegal content" in the vocabulary of the report):
a) the exceptions to copyright still differ significantly from Member
State to Member State;
b) licensing arrangements through collecting societies have not been harmonised;
c) some Member States have introduced laws allowing restrictions on internet access for connections where illegal file-sharing has been conducted (or suspected), which may lead to market distortions and raises the question of whether the right to Internet access introduced by the Framework Directive is infringed;
d) the issue of who is responsible for clearing copyright on social media such as YouTube is not clearly defined in the E-Commerce Directive because peer-to-peer services were much less prevalent when the Directive was written. (This final point is somewhat odd because the E-Commerce Directive does not cover rights clearance and YouTube is a hosting service which therefore renders the question of peer-to-peer somewhat irrelevant.)
Consumer Behaviour in a Digital Environment (2011)
Framework Directive - Directiev 2002/21/EC as amended by Directive
2009/140/EC and Regulation 544/2009
(Contribution by Daniel Dimov - intern at EDRi)
This article is also available in:
Deutsch: EGMR prüft Beschwerde von Azeri Bloggern wegen unrechtmäßiger Inhaf...
The Azeri bloggers that have been imprisoned for one year and a half under alleged hooliganism accusations, have filed a complaint to the European Court of Human Rights which will decide whether their detention was in breach of the European Convention on Human Rights.
Emin Milli and Adnan Hajizade were arrested in Baku in July 2009, being accused of hooliganism, after having reported to the police that they had been physically attacked in a restaurant. Under pressure from the international community, the two bloggers, detained in reality for attacks, on their blogs, against the Government and the fact that they had disseminated a video making fun of corrupt politicians, were finally released in November 2010. Their release is however conditional and their convictions have not been overturned.
Consequently, the two bloggers are now seeking official recognition that the Azerbaijani authorities violated their rights. The fact that despite with injuries they were not treated medically in prison, breaches article 3 of the European Convention. The Azeri government was also in breach of article 5 that protects the right to freedom and security and says that a person may only be detained when suspected of a crime or when sentenced to imprisonment.
According to the Convention, the bloggers should have been informed of the reasons for their arrest and they had a right to be tried within a reasonable time or to be released pending trial. Milli and Hajizade were held for the two months before the start of their trial and were still in prison after than four months after their arrest.
The complaint also says that article 6, on the right to a fair trial, was violated because the two people were allowed only belated access to their lawyers because the court took no account of what their lawyers said.
Article 8 on respect for private and family life was also violated as the two bloggers were denied family visits while held and certain family members were not allowed to testify at the trial.
The Azeri government violated Article 10 as well which protects the right to freedom of expression, including the "freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers." The two people were jailed for criticizing the authorities.
Hajizade and Milli filed a complaint before a Baku court on 8 July 2009 which was rejected on 23 July 2009. On 10 August 2009, a separate complaint against the interior ministry, Baku police and prosecutor's office of failing to respect the right to be presumed innocent was also rejected.
A confidential cable from the US embassy in Baku on 9 July 2009, posted on the WikiLeaks website on 26 August, confirmed the fact that the two bloggers did not receive medical treatment for their injuries during their first night in detention and revealed that embassy officers' requests to visit the two bloggers in prison were denied.
The cable also drew attention over the fact that on 10 July 2009 Milli was to work as the interpreter for the PACE Special Rapporteur for Political Prisoners which seems a rather strange coincidence.
European Court to examine case of two bloggers who were unjustly jailed
US embassy thought two bloggers' arrest was suspicious (1.09.2011)
EDRi-gram: Azeri bloggers released from prison (1.12.2010)
This article is also available in:
Deutsch: EP-Ausschuss für die Einführung von Nacktscannern in Europa
To the dismay of liberal groups, the European Parliament's Transport Committee decided on 31 August 2011 to back up the European Commission in the introduction of body scanners in EU airports.
Although imposing certain conditions such as excluding x-ray technology, the EP committee did not oppose the EC rules which do not specifically rule out the use of naked imagery. "The rules do exclude the use of x-ray technology, which is something we wanted. But it doesn't oblige producers to use stick figures instead of the actual body image," stated Benjamin Krieger, a spokesperson for the German Liberals in the European Parliament.
This decision comes when some European countries have reached the conclusion that body scanners are not performing properly.
The German interior ministry has recently decided to postpone the introduction of body scanners at airports for security reasons, after the devices used for trial failed to do their job, giving false alerts at a 49% rate. The errors included confusing sweaty armpits with concealed bomb chemicals while body scanners are supposed to detect plastic or ceramic elements concealed under clothing.
The technology has been strongly opposed by human rights groups, religious organizations and even the European Parliament because it shows a real outline of one's bodily features, which raises serious privacy concerns. The devices are also expensive, reaching up to 130 000 euro/piece. In 2010, Italy also fell back on the plan to implement the technology in airports after experiencing the same results during the trial period.
Germany ditches body scanners after repeat false alerts (1.09.2011)
Meeting minutes TRAN Committee (30-31.08.2011)
EP transport committee votes in favour of body scanners (31.08.2011)
Welcome to body scanners at EU airports (6.07.2011)
Parliament sets conditions for airport body scanners (6.07.2011)
EDRi-gram: MEPs approve body scanners on airports on a voluntarily basis
This article is also available in:
Deutsch: ENDitorial: Missbrauch der irischen Polizeidatenbanken
In 2003, the then Minister for Justice, Michael McDowell, stated that he "knew that journalists were bribing gardaí (police)". This was said in the context of proposed legislation which would create a crime of leaking information. Unfortunately, the intervening years seem to have confirmed the continued existence of police abuse of confidential information, resulting in a recent announcement by the Data Protection Commissioner of a national audit into garda compliance with data protection law.
The audit will focus on access to the main police database system, known as PULSE, which was introduced in 1999. While that system has a read/write audit trail, this has not acted as a deterrent to abuse - some police have sought to evade the audit trail by requesting others to carry out searches on their behalf, and login sharing has also been a problem. Consequently, in his 2010 Annual Report the Data Protection Commissioner stated that:
"In 2007 we agreed a data protection Code of Practice with the Gardaí which included undertakings to monitor access to the Garda PULSE system. It is disappointing to report that, despite our repeated engagements on this issue, the monitoring of access by members of An Garda Síochána to PULSE falls short of the standards we expect. We wish to see significant progress by the Gardaí in pro-actively monitoring PULSE access in 2011 and will be carrying out an audit to satisfy ourselves of this progress."
The most recent allegations generally concern personal use of the system, for example by using it to check on daughters' boyfriends or to check the history of cars which they are buying. However, allegations of more serious abuses are also common, including the sale of information to insurance companies and even criminals.
Unfortunately, it is difficult to provide a full assessment of abuses which have taken place. While many allegations have been published by the media and some internal garda investigations carried out, the results of these investigations have not been published, disciplinary sanctions (if any) are seldom made public and there is no comprehensive official report. This secrecy is a failing in itself and makes it impossible for the public to have confidence in the system.
Nevertheless, there have been a number of cases in which abuses have been clearly established and some significant examples from recent years include a court award of 70 000 Euros damages to a family who were harmed by a garda leak (2007), the dismissal of a garda for leaking information to a drug dealer (2010) and most recently the finding that a detective sergeant abused her position to monitor an ex-boyfriend through his phone records (2011). A particularly telling example in 2007 followed the high profile death of a person struck by a car driven by an off-duty garda. In that case, 187 individual gardai accessed that person's PULSE record following his death, without apparent justification. An investigation into that incident recommended that: "supervisory ranks should regularly monitor the use of PULSE to ensure that members adhere to their legal and disciplinary obligations in regard to its proper use and suitable measures should be put in place by the Garda authorities to ensure that audit-trails of the usage of PULSE and any other official information systems can always be accurate and verifiable."
Unfortunately, it seems that several years later this has yet to be done.
GRA's concern about bribery claim, RTÉ News (04.08.2003)
Family awarded 70,000 Euros over garda leak, RTÉ News (17.01.2007)
Report by the Commission following the death of Mr. Derek O'Toole on March
4th 2007 and subsequent complaints and investigation under Section 98,
Garda Síochána Act, 2005 (10.2008)
Garda Data Protection Code of Practice (12.11.2007)
Gardaí line up 17 officers for quizzing over leaks to 'Don', Evening Herald
Walsh, Human Rights and Policing in Ireland (Dublin: Clarus Press, 2009), Ch. 32
Garda sacked for leaked secrets to Don's crime gang, Evening Herald
2010 Annual Report of the Data Protection Commissioner (03.2010)
EDRi-gram: No effective sanction for Police abuse of Irish data retention
(Contribution by TJ McIntyre - EDRi-member Digital Rights Ireland)
This article is also available in:
Statewatch Analysis: UK: Internet censorhip looms as government finds alternatives to flawed Digital Economy Act by Max Rowlands:
The routine blocking of websites believed to facilitate copyright
infringement has moved a step closer - despite concerns about the
proportionality and effectiveness of the practice - following a landmark
High Court ruling on the application of the Copyright, Designs and Patents
Act. Meanwhile, the much criticised Digital Economy Act continues to
flounder, with the introduction of its controversial copyright protection
scheme - which would allow the government to suspend the internet
connections of individuals accused of persistent copyright infringement -
now delayed until 2012 at the earliest.
Europe's Odd Anti-Piracy Stance: Send Money to the US! (4.09.2011)
Naming Names on the Internet (4.09.2011)
Open Data: Emerging trends, issues and best practices - a research project
about openness of public data in EU local administration (2011)
This article is also available in:
8-9 September 2011, Brussels, Belgium
6th Annual Conference of the European Policy for Intellectual Property Fine-Tuning IPR debates
10-17 September 2011
Freedom Not Fear - International Action Week
16-18 September 2011, Warsaw, Poland
Creative Commons Global Summit 2011
16 September 2011, Leeds, UK
Conference "Human Rights in the Digital Era"
17 September 2011, Worldwide
Software Freedom Day 2011
27-30 September 2011, Nairobi, Kenya
Sixth Annual IGF Meeting: Internet as a catalyst for change: access, development, freedoms and innovation
11 October 2011, Brussels, Belgium
ePractice Workshop: Addressing evolving needs for cross-border eGovernment services
13-14 October 2011, Lisbon, Portugal
2nd International Graduate Conference in Communication and Culture: The Culture of Remix
20-21 October 2011, Warsaw, Poland
Open Govrenment Data Camp
27-30 October 2011, Barcelona, Spain
Free Culture Forum 2011
9 November 2011, Bucharest, Romania
Inet Conference: Access, Trust and Freedom: Coordinates for future Internet
11-13 November 2011, Gothenburg, Sweden
FSCONS is the Nordic countries' largest gathering for free culture, free software and a free society.
25-27 January 2012, Brussels, Belgium
Computers, Privacy and Data Protection 2012